Lucent Sky AVM version 2006 release notes

2020/9/17

Lucent Sky AVM version 2006 releases

Lucent Sky AVM version 2006 SU1

New features in 2006 SU1

Build and pre-analysis

  • Improved support for Razor and configuration files commonly used by mobile apps

Binary analysis

  • Coverage improvements on the Java binary analysis engine

Source code analysis

  • Accuracy and coverage improvements on source code analysis engines

Hybrid analysis

  • Improvements on hybrid analysis algorithms

Remediation

  • Fourth-generation remediation engine is now generally available

    • Contextual suggestions are now available in most vulnerability categories
    • PHP remediation algorithms have been updated

Reporting

  • Support for CWE v4.2

Interface

  • Usability improvements of the Web UI

Issues fixed in 2006 SU1

These are the issues addressed in 2006 SU1:

  • We fixed an issue where TypeScript files were analyzed but missing from the analyzed file list.
  • We fixed an issue where the Web UI is stuck in a redirect loop after the password is changed.
  • We fixed an issue where the timestamp of a rule package is not properly updated.
  • We fixed an issue where source code analysis sometimes fails when no result was found.
  • We fixed an issue where some vulnerabilities in Python were misclassified.

Lucent Sky AVM version 2006 MR

New features in 2006 MR

Build

  • Automatic build tool detection for .NET Core and Maven projects
  • Better support for .NET Core 3.1
  • Improvements on direct binary analysis

    • A directory containing .class files can be specified as the binary analysis target
    • Binary analysis target is now specified as analysis target instead of a scan argument

Binary analysis

  • Binary analysis engine accuracy, stability improvements, and bug fixes
  • Additional analysis rules for .NET and Java applications
  • Better support for .NET Core applications

Source code analysis

  • Support for Android apps developed with Kotlin
  • Better support for client-side JavaScript
  • Source code analysis engine accuracy improvements and bug fixes

Weakness policies

  • Support for CVSS 3 and priority ratings

Interface

  • Web UI performance improvements and bug fixes
  • CLI improvements and bug fixes

    Several method arguments are not backward compatible with previous versions of the CLI. For a list of these changes, view the following article in the Lucent Sky Knowledge Base: Get started with Lucent Sky AVM CLI: Migrating CLI scripts to v2006

  • 7-Zip files are accepted as source code archive

Administration

  • Support for on-premise cluster

    To learn more about creating a cluster on-premise, or migrating on-premise instances to a cluster, view the following article in the Lucent Sky AVM Knowledge Base: Administration guide to CLEAR Engine and Web UI

  • CLEAR Engine, Web UI, and CLI now require .NET Framework 4.8

Issues fixed in 2006 MR

  • We fixed an issue where Ant build fails after scanning Java applications with certain dependencies.
  • We fixed an issue where MSBuild v12 cannot be specified in scan arguments.
  • We fixed an issue where some scan log entries of C/C++ applications are missing.
  • We fixed an issue where results with the ‘WebService’ vector cannot be suppressed.
  • We fixed an issue where guest users are unable to sign in on the Web UI.
  • We fixed an issue where the names of CLI arguments are case sensitive.
  • We fixed an issue where licenses might expire up to 12 hours earlier than the expiration date.
  • We fixed an issue where the Encoding setting is not preserved during an update.
  • We fixed an issue where some log entries may not appear in scan logs when multiple scans are running concurrently.
  • We fixed an issue where long path support is inconsistent on Windows Server 2019.